Hello,
I noticed that ACL needs to be explicitly enabled for ext3 filesystems
at mount time when using star to restore some ACL-enabled backups.
Would this be likely to be turned on in FC3, or even better, FC3test2?
I recall long, long time ago (during RH9 beta, or even RH8) ACL was
turned on for one or two beta releases then turned off again.
I have not been using it heavily but it seems to work fine on my machine.
Thanks,
--
Michel Salim 林智勇
http://salimma.livejournal.com

My system (i686, scsi, ipv4) is not so happy at the moment.
yum update at the moment, but MAKEDEV may or may not be up2date
%pre message says it cannot install because of /devfs,
but bottom line message says 'Success' ??
Same messages with 'yum update dev'
Version number of either MAKEDEV or dev was 3.9.1-1.i386
When the boot finally ends and I log in, I needed to manually ifup the eth0
su
/etc/sysconfig/network-scripts/ifup eth0
If I then go back to user and startx
exit
startx
My Gnome desktop comes up, but stays up and controllable for about a minute.
I was able to start Mozilla, and start creating a bug report, but then
after I had almost all of the text typed, all I could move was the mouse
cursor - everything else was frozen.
Fortunately the code behind the power button has been nicely massaged. A
single click will put the system into a graceful shutdown.
Hope this email will offer some clues.
BobG

Almost two months ago Nils Philippsen started a thread about disk
encryption in Fedora Core. I wanted to make some comments about the
progress that has been made and the things that still need to be done.
First, it was determined that the lowest hanging fruit was adding support
for encrypted swap. This is generally a prerequisite for disk encryption
(note that it is possible that Apple didn't get this right[1]).
Russell Coker found a nice script from the Debian folks that can be
installed in /etc/init.d and used for initializing encrypted swap. A new
configuration file, /etc/crypttab, determines how disks are encrypted.
[2] is a Bugzilla bug that tracks encrypted swap and includes a link to
the cryptdisk script and instructions.
Currently the ordering of events needs some work. The cryptdisk
initializes encrypted swap after rc.sysinit but rc.sysinit executes
``swapon -a'' before the cryptdisk script runs.
Another goal is to add support to Fedora Core for an encrypted
root device. In order to do this, mkinitrd must support creating an
initrd that can unlock the root filesystem. [3] contains a patch for
mkinitrd that does this. Thanks to comments from Russell Coker, the
patch now supports booting off a removable disk (only the kernel and
initrd reside on the removable disk -- the encrypted root does not need
to be removable). The mkinitrd patch also receives it configuration
from /etc/crypttab.
The encrypted root patch at [3] requires that cryptsetup be statically
linked. [4] provides a patch to the cryptsetup RPM specification that
does this.
Finally, [5] contains some notes about and a link to a patch for
util-linux that adds dm-crypt support to mount. This allows one to
use the standard mount interface instead of the specialized cryptsetup
command to mount dm-crypt volumes. The patch works, but depends on an
unreleased cryptsetup 0.2. The author of the patch has not stated if he
is going to continue to maintain the patch. The author of util-linux
has concerns about loop-aes vs. cryptoloop vs. dm-crypt that must be
addressed before he accepts the patch.
If you are interested in the util-linux patch, let me know and I will
fill you in. Otherwise, this fruit seems out of reach for now.
Some progress has been made in implementing encrypted swap and root
support in Fedora Core. Other than the requirements noted above, there
is still the need for documentation. I plan on writing up some
instructions as well a rudimentary attack tree for all of this.
Happy hacking!
[1] http://www.securityfocus.com/archive/1/367116/2004-06-21/2004-06-27/0
[2] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127378
[3] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789
[4] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129926
[5] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56698
--
Mike
:wq